OSN June 7, 2021

Fortify Security Team
Jun 7, 2021

Title: Severe RCE Vulnerability in VMware vCenter Server Is Under Attack

Date Published: June 7, 2021

https://heimdalsecurity.com/blog/severe-rce-vulnerability-in-vmware-vcenter-server-is-under-attack/

Excerpt: “The security vulnerability can be remotely abused by unauthorized threat actors in less complicated attacks which don’t need user interaction. Successful exploitation enables cybercriminals to assume control of a company’s entire network, seeing that IT departments and administrators use VMware vCenter servers to manage VMware solutions deployed across organization environments.”

Title: Ransomware to Be Investigated Like Terrorism

Date Published: June 4, 2021

https://blog.malwarebytes.com/malwarebytes-news/2021/06/ransomware-to-be-investigated-like-terrorism/

Excerpt: “Tracking payments or making it illegal to pay ransom could make another dent in the severity of the threat. According to the report by the RTF, about 27 percent of victims choose to pay a ransom. With this, these victims are fueling the ransomware industry. Not that they want to, but sometimes they feel it’s the only viable choice. This feeling is often strengthened by the additional threat to publicly disclose exfiltrated data.”

Title: Protect Networked IoT Devices or Protect the Network From IoT Devices?

Date Published: June 3, 2021

https://threatpost.com/revil-spill-details-us-attacks/166669/

Excerpt: “Modern organizations working in the healthcare sector make use of numerous IoT medical devices. To test the security of such devices, researchers bought and tried to hack a used ultrasound machine. They needed only about five minutes to compromise it; the device was running on a version of Windows 2000 that had never been updated. Moreover, they were able not only to obtain control of the device, but also to gain access to the patient data the previous owner hadn’t deleted.”

Title: Researchers Discover First Known Malware Targeting Windows Containers

Date Published: June 7, 2021

https://thehackernews.com/2021/06/researchers-discover-first-known.html

Excerpt: “Unlike most cloud malware, which mostly focuses on resource hijacking and denial of service (DoS), Siloscape doesn’t limit itself to any specific goal. Instead, it opens a backdoor to all kinds of malicious activities.” “In addition to securely configuring Kubernetes clusters, it’s also recommended to deploy Hyper-V containers if containerization is utilized as a form of the security boundary.”

Title: Adventures in Contacting the Russian FSB

Date Published: June 7, 2021

https://krebsonsecurity.com/2021/06/adventures-in-contacting-the-russian-fsb/

Excerpt: “The reason I contacted the FSB — one of the successor agencies to the Russian KGB — ironically enough had to do with security concerns raised by an infamous Russian hacker about the FSB’s own preferred method of being contacted. KrebsOnSecurity was seeking comment from the FSB about a blog post published by Vladislav “BadB” Horohorin, a former international stolen credit card trafficker who served seven years in U.S. federal prison for his role in the theft of $9 million from RBS WorldPay in 2009. Horohorin, a citizen of Russia, Israel and Ukraine, is now back where he grew up in Ukraine, running a cybersecurity consulting business.”

Title: An Exploratory Account of Software Reverse Engineering in a Security Context

Date Published: June 7, 2021

https://jaydwayne.medium.com/an-exploratory-account-of-software-reverse-engineering-in-a-security-context-1247883059c6

Excerpt: “Transferring knowledge is a challenge in reverse engineering. Documentation alone is often not enough to understand the work that has been completed by somebody else: “[I would] look at a version with comments, but I’d still need to jump through to understand.” In the current setting, information is usually passed on verbally or via email and chat. These mechanisms do not scale beyond groups of about five reverse engineers. To solve some of these issues, the idea of a workflow would be useful: “Right now it’s being done like a craft, and we, software engineers, would like to have some kind of assembly line.””

Title: An Exploratory Account of Software Reverse Engineering in a Security Context

Date Published: June 7, 2021

https://www.zdnet.com/article/this-phishing-email-is-pushing-password-stealing-malware-to-windows-pcs/

Excerpt: “With the massive influx of supply, buyers seem to be gravitating towards bigger, “trustworthy” sites, with White House Market holding the largest market share of sales. The Dark Web markets are even starting to parody traditional markets with comical offers of “buy 2 cloned credit cards and get 1 for free!!” for example. In an effort to mitigate detection and tracking by law enforcement, the Dark Web is moving towards increased security on all ends. The markets have abandoned Bitcoin (BTC) as it is not secure, and vendors are demanding buyers to use Monero as payment and communicate only through PGP encryption.”

Title: Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant

Date Published: June 4, 2021

https://www.fortinet.com/blog/threat-research/phishing-malware-hijacks-bitcoin-addresses-delivers-new-agent-tesla-variant

Excerpt: “FortiGuard Labs recently captured a fresh phishing campaign in which a Microsoft Excel document attached to a spam email downloaded and executed several pieces of VBscript code. This malware is used to hijack bitcoin address information and deliver a new variant of Agent Tesla onto the victim’s device. Agent Tesla, first discovered in late 2014, is a known spyware focused on stealing sensitive information from a victim’s device, such as saved application credentials, keyboard inputs (keylogger), etc. We have posted a number of detailed analysis blogs for the Agent Tesla campaign captured by FortiGuard Labs over the past several years.”

Title: The U.S. Must Redefine Critical Infrastructure for the Digital Era

Date Published: June 7, 2021

https://beta.darkreading.com/attacks-breaches/the-us-must-redefine-critical-infrastructure-for-the-digital-era

Excerpt: “Because our digital infrastructure isn’t as easily visualized as the analog, physical infrastructure it’s replacing, we still harbor an old-school mentality regarding the systems our economy relies upon. The pandemic made painfully clear that our economy now relies heavily upon a robust Internet; our digital infrastructure was the lifeblood enabling people to continue living some semblance of their prior lives, facilitating everything from continuing work and school to ordering food and securing toilet paper. Quarantine and social distancing worked largely because the Internet kept everyone connected to everything, even when we weren’t using the physical roads, railways, and airports we historically relied on.”

Title: Hacking Space: How to PWN a Satellite

Date Published: June 7, 2021

https://www.welivesecurity.com/2021/06/07/hacking-space-how-pwn-satellite/

Excerpt: “One of the significant hacking entry points is the ground station facilities, since they represent access to communication links to stellar equipment, so there is renewed focus on security, including using hard tokens for authentication/identification, and implementation of solid processes like NIST cybersecurity framework SP-800-53 and SP-800-39 for risk management. If hackers can deny service at the ground station level, bad things can definitely happen, since they’re basically cutting the umbilical cord.”
